The disclosure relates to Internet Protocol telephony. More particularly, the disclosure relates to security in an Internet Protocol telephony network.
Communication systems, particularly communication networks enabled for public access, are configured to provide remote communications for users connected to the system. System operators may bill system users based in part on a perceived value of the communication services provided by the network or based in part on a level of network resources engaged in supporting a user communication. Some users may attempt to access the communication system in an unauthorized manner in an attempt to receive the benefits of the communication system without the corresponding cost.
The degree of effort an unauthorized user applies to accessing the system is typically proportional to the value associated with access to the system. For example, a highly secure network that provides a low value to an unauthorized user may be relatively immune from attacks by unauthorized users. In contrast, a relatively unsecured network that potentially provides high value to unauthorized users may constantly be targeted by unauthorized users.
A telephone system is an example of a communication system that provides varying levels of service. Unauthorized users expend proportionate levels of effort in attempting to access those features of the system that are perceived as providing the highest value. Basic phone service is typically of lower value and is not often the target of unauthorized users' efforts. However, long distance service provided by the phone system has a much higher value and thus is the goal of many attacks on the system.
The theft of network services can occur through many means. However, unauthorized system access is typically gained through the use of hardware clones or protocol attacks.
A hardware clone is a device that is configured to be virtually identical to an authorized device within the system. Unauthorized access to system services is gained by masquerading as an authorized user. Communication systems such as wireless telephone systems and satellite television systems were often the targets of unauthorized clone access during the early years of system implementation.
A protocol attack is based on exploiting a weakness in one or more protocols used in the communication system. A simplified example of a protocol attack arises in a communication system that provides access based on password authentication. An unauthorized user may use various techniques in an effort to “guess” a correct password allowing access to the system. Alternatively, an unauthorized user may monitor a communication channel or link for the presence of an authorized user and record the communication messages transmitted by the authorized user when accessing the system. The unauthorized user may then retransmit or replay the communication messages from the authorized user to access the system.
Internet Protocol (IP) based networks are subjected to unauthorized intrusions and attacks in attempts to access services and data available on the network. IP telephony networks combine the services of previous IP and telephone networks while still allowing compatibility and access to legacy systems.
Because an IP telephony network can be configured to provide services of both legacy IP networks and Public Switched Telephone Networks (PSTN), the IP telephony network is likely to be the subject of attacks designed to provide unauthorized access. Therefore, it is desirable to have a secure IP telephony network architecture that is resistant to present and future intrusions.